Question to the Department of Health and Social Care:

To ask the Secretary of State for Health and Social Care, with reference to Schedule 12 of the Data Protection and Digital Information (No. 2) Bill introduced on 8 March 2023, whether any IT provider notified his (a) Department and (b) agencies and other public bodies of an intention to pursue legal action if they were the subject of a statement of censure for non-compliance with information standards of the type described in Section 251ZC of that Bill between 6 April 2015 and 5 April 2023.

No IT provider has notified the Department, or as far as we are aware, any agency or other public body, of an intention to pursue legal action if they were the subject of a statement of censure.

The proposed changes in the Bill will ensure that IT suppliers involved in the processing of health or care information can be made accountable for meeting information standards. Engagement with health and care stakeholders, including IT providers, has been taking place since July 2022 to gather queries, concerns and recommendations to ensure sufficient considerations in the implementation design.

IT providers may incur additional costs associated with complying with information standards, but these are likely to vary between IT providers, depending on a number of factors. Proper consideration will be given to the need to set standards that are reasonable and achievable.

It is expected that IT providers will then factor in the cost of meeting them. The intention is also to take a phased approach to implementation in order to minimise costs to IT providers as far as possible.